Common use of Security Best Practices Clause in Contracts

Security Best Practices. Assessing whether client is adhering to a limited set of common security best practice measures. Adherence to these measures may help limit risk of systems, data, and access being compromised. The Information Security Assessment is designed to assist Client in identifying certain security risks to Client’s business information. The Information Security Assessment includes Marco’s review of a limited set of security risks in areas aligned with the National Institute of Standards and Technology, Cybersecurity Framework 1.1 April 2018 as described below. Marco will gather information for the Information Security Assessment by conducting interviews with Client personnel. Marco will provide a summary of its findings in a report that identifies its primary concerns, the potential business impact of those concerns, and its remediation recommendation(s). Client understands and agrees that the Information Security Assessment is not intended to be a comprehensive information security review and is not a replacement for any legal compliance review, forensic review, general third party technology audit or regulatory audit. To develop recommendations, the following risk areas will be considered:

1. Identify - Are you identifying and controlling who has access to your business information?
2. Protect - Are you protecting the confidentiality, integrity and availability of your business information?
3. Detect - Are you able to detect risks to your business information?
4. Respond - Are you able to respond to a disaster or an information security incident?
5. Recover - Are you prepared to recover from a disaster or an information security incident?

Appears in 2 contracts

Sources: Technology Assessment and Information Security Assessment Agreement, Technology Assessment and Information Security Assessment Agreement